LDAP Server Object Stores

An LDAP server is the recommended object store for
production messaging systems. LDAP servers are designed
for use in distributed systems and provide security features that are useful
in production environments.

LDAP implementations are available from a number
of vendors. To manage an object store on an LDAP server
with Message Queue administration tools, you may first need to configure the
server to store Java objects and perform JNDI lookups;
see the documentation provided with your LDAP implementation
for details.

To use
an LDAP server as your object store, you must specify the
attributes shown in Table 11–1.
These attributes fall into the following categories:

Initial context. The java.naming.factory.initial attribute
specifies the initial context for JNDI lookups on the server.
The value of this attribute is fixed for a given LDAP object
store.

Location. The java.naming.provider.url attribute specifies the URL and
directory path for the LDAP server. You must verify that
the specified directory path exists.

Security. The java.naming.security.principal, java.naming.security.credentials, and java.naming.security.authentication attributes
govern the authentication of callers attempting to access the object store.
The exact format and values of these attributes depend on the LDAP service
provider; see the documentation provided with your LDAP implementation
for details and to determine whether security information is required on all
operations or only on those that change the stored data.

Table 11–1 LDAP Object Store Attributes

| Attribute | Description |
|---|---|
| java.naming.factory.initial | Initial context for JNDI lookup. Example: com.sun.jndi.ldap.LdapCtxFactory |
| java.naming.provider.url | Server URL and directory path. Example: ldap://myD.com:389/ou=mq1,o=App where administered objects are stored in the directory /App/mq1. |
| java.naming.security.principal | Identity of the principal for authenticating callers. The format of this attribute depends on the authentication scheme: for example, uid=homerSimpson,ou=People,o=mq. If this attribute is unspecified, the behavior is determined by the LDAP service provider. |
| java.naming.security.credentials | Credentials of the authentication principal. The value of this attribute depends on the authentication scheme: for example, it might be a hashed password, a clear-text password, a key, or a certificate. If this attribute is unspecified, the behavior is determined by the LDAP service provider. |
| java.naming.security.authentication | Security level for authentication: none (no security), simple (simple security), or strong (strong security). For example, if you specify simple, you are prompted for any missing principal or credential values, which gives you a more secure way of providing identifying information. If this attribute is unspecified, the behavior is determined by the LDAP service provider. |
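The following Java program is an added example, not part of the Message Queue documentation or tools. It builds a JNDI environment from the attributes in Table 11–1, binds to the server, and confirms that the directory path in the URL exists. The class name ObjectStoreCheck and the rule that simple authentication must use an ldaps:// URL are assumptions of this example; the rule is there because a simple bind sends the password unencrypted unless the connection itself is protected.

```java
import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Added example (hypothetical class): checks LDAP object store attributes before use.
public class ObjectStoreCheck {
    // Builds the JNDI environment from the attributes listed in Table 11-1.
    static Hashtable<String, Object> buildEnv(String url, String principal, char[] password) {
        // Assumption of this example: simple authentication is only allowed over TLS.
        if (!url.toLowerCase().startsWith("ldaps://")) {
            throw new IllegalArgumentException("simple authentication requires an ldaps:// URL");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);                 // java.naming.provider.url
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // java.naming.security.authentication
        env.put(Context.SECURITY_PRINCIPAL, principal);     // java.naming.security.principal
        env.put(Context.SECURITY_CREDENTIALS, password);    // java.naming.security.credentials
        return env;
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 2 || System.console() == null) {
            System.err.println("usage (from a terminal): java ObjectStoreCheck <ldaps-url> <principal-dn>");
            System.exit(2);
        }
        // Prompt for the password instead of taking it from the command line or a file.
        char[] password = System.console().readPassword("Password for %s: ", args[1]);
        if (password == null) System.exit(2);               // input was closed
        DirContext ctx = null;
        int status = 0;
        try {
            ctx = new InitialDirContext(buildEnv(args[0], args[1], password)); // connects and binds
            ctx.getAttributes("");   // reads the entry named by the URL's directory path
            System.out.println("OK: bound as " + args[1] + "; directory path exists");
        } catch (NameNotFoundException e) {
            System.err.println("Directory path in the URL does not exist: " + e.getMessage());
            status = 1;
        } finally {
            Arrays.fill(password, '\0');                    // clear the password from memory
            if (ctx != null) ctx.close();
        }
        System.exit(status);
    }
}
```

A failed bind surfaces as a javax.naming.AuthenticationException from the InitialDirContext constructor, which separates bad credentials from a missing directory path.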